Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)

Source

ALAS2-2019-1143

Amazon Linux 2 Security Advisory: ALAS-2019-1143
Advisory Release Date: 2019-01-07 22:05 Pacific
Advisory Updated Date: 2019-01-09 01:10 Pacific

Severity: Important

References: CVE-2018-16395

Issue Overview:

An issue was discovered in the OpenSSL library in Ruby. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)

Affected Packages:

ruby

Issue Correction:
Run yum update ruby to update your system.

New Packages:

aarch64:
    ruby-2.0.0.648-34.amzn2.0.1.aarch64
    ruby-devel-2.0.0.648-34.amzn2.0.1.aarch64
    ruby-libs-2.0.0.648-34.amzn2.0.1.aarch64
    rubygem-bigdecimal-1.2.0-34.amzn2.0.1.aarch64
    rubygem-io-console-0.4.2-34.amzn2.0.1.aarch64
    rubygem-json-1.7.7-34.amzn2.0.1.aarch64
    rubygem-psych-2.0.0-34.amzn2.0.1.aarch64
    ruby-tcltk-2.0.0.648-34.amzn2.0.1.aarch64
    ruby-debuginfo-2.0.0.648-34.amzn2.0.1.aarch64

i686:
    ruby-2.0.0.648-34.amzn2.0.1.i686
    ruby-devel-2.0.0.648-34.amzn2.0.1.i686
    ruby-libs-2.0.0.648-34.amzn2.0.1.i686
    rubygem-bigdecimal-1.2.0-34.amzn2.0.1.i686
    rubygem-io-console-0.4.2-34.amzn2.0.1.i686
    rubygem-json-1.7.7-34.amzn2.0.1.i686
    rubygem-psych-2.0.0-34.amzn2.0.1.i686
    ruby-tcltk-2.0.0.648-34.amzn2.0.1.i686
    ruby-debuginfo-2.0.0.648-34.amzn2.0.1.i686

noarch:
    rubygems-2.0.14.1-34.amzn2.0.1.noarch
    rubygems-devel-2.0.14.1-34.amzn2.0.1.noarch
    rubygem-rake-0.9.6-34.amzn2.0.1.noarch
    ruby-irb-2.0.0.648-34.amzn2.0.1.noarch
    rubygem-rdoc-4.0.0-34.amzn2.0.1.noarch
    ruby-doc-2.0.0.648-34.amzn2.0.1.noarch
    rubygem-minitest-4.3.2-34.amzn2.0.1.noarch

src:
    ruby-2.0.0.648-34.amzn2.0.1.src

x86_64:
    ruby-2.0.0.648-34.amzn2.0.1.x86_64
    ruby-devel-2.0.0.648-34.amzn2.0.1.x86_64
    ruby-libs-2.0.0.648-34.amzn2.0.1.x86_64
    rubygem-bigdecimal-1.2.0-34.amzn2.0.1.x86_64
    rubygem-io-console-0.4.2-34.amzn2.0.1.x86_64
    rubygem-json-1.7.7-34.amzn2.0.1.x86_64
    rubygem-psych-2.0.0-34.amzn2.0.1.x86_64
    ruby-tcltk-2.0.0.648-34.amzn2.0.1.x86_64
    ruby-debuginfo-2.0.0.648-34.amzn2.0.1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2019-1143

ALAS2-2019-1143

Vulmon Search

About

Products

Connect